58 lines
1.6 KiB
Go
58 lines
1.6 KiB
Go
package httpapi
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/vasyansk/imap-copier/internal/config"
|
|
)
|
|
|
|
func testServer() *Server {
|
|
return &Server{cfg: config.Config{
|
|
AuthUser: "admin", AuthPass: "pw", SessionSecret: []byte("sekret"),
|
|
}}
|
|
}
|
|
|
|
func TestLoginSetsCookie(t *testing.T) {
|
|
s := testServer()
|
|
req := httptest.NewRequest("POST", "/api/login", strings.NewReader(`{"user":"admin","pass":"pw"}`))
|
|
rw := httptest.NewRecorder()
|
|
s.handleLogin(rw, req)
|
|
if rw.Code != http.StatusOK {
|
|
t.Fatalf("code=%d", rw.Code)
|
|
}
|
|
if len(rw.Result().Cookies()) == 0 {
|
|
t.Fatal("no session cookie set")
|
|
}
|
|
}
|
|
|
|
func TestRequireAuthBlocksNoCookie(t *testing.T) {
|
|
s := testServer()
|
|
h := s.requireAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) }))
|
|
rw := httptest.NewRecorder()
|
|
h.ServeHTTP(rw, httptest.NewRequest("GET", "/api/tasks", nil))
|
|
if rw.Code != http.StatusUnauthorized {
|
|
t.Fatalf("want 401, got %d", rw.Code)
|
|
}
|
|
}
|
|
|
|
func TestRequireAuthAllowsValidCookie(t *testing.T) {
|
|
s := testServer()
|
|
// логинимся, забираем cookie, повторяем запрос
|
|
lr := httptest.NewRequest("POST", "/api/login", strings.NewReader(`{"user":"admin","pass":"pw"}`))
|
|
lrw := httptest.NewRecorder()
|
|
s.handleLogin(lrw, lr)
|
|
cookie := lrw.Result().Cookies()[0]
|
|
|
|
h := s.requireAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(200) }))
|
|
req := httptest.NewRequest("GET", "/api/tasks", nil)
|
|
req.AddCookie(cookie)
|
|
rw := httptest.NewRecorder()
|
|
h.ServeHTTP(rw, req)
|
|
if rw.Code != 200 {
|
|
t.Fatalf("want 200, got %d", rw.Code)
|
|
}
|
|
}
|